CVE-2017-12928
CRITICALTecnoVISION DLX Spot Player4 - Use of Hard-coded Credentials
Title source: llmDescription
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html
Scores
CVSS v3
9.8
EPSS
0.0295
EPSS Percentile
85.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
tecnovision/dlx_spot_player4
Published
Sep 21, 2017
Tracked Since
Feb 18, 2026